Heimdal
article featured image

Contents:

Dutch researchers revealed 5 vulnerabilities in the Terrestrial Trunked Radio (TETRA) that could expose government organizations and critical infrastructure communication to third parties.

Two of the collectively called TETRA:BURST flaws, CVE-2022-22401 and CVE-2022-22402, were rated critical.

TETRA is used for communication by police, fire and ambulance services, transportation agencies, utilities, military and border control organizations, UN, and NATO in over 100 countries worldwide. The TETRA:BURST vulnerabilities could enable threat actors to get access to and exfiltrate sensitive data and even alter law enforcement and military radio communication. Most of them impact all TETRA networks.

Depending on infrastructure and device configurations, these vulnerabilities allow for real time decryption, harvest-now-decrypt-later attacks, message injection, user deanonymization, or session key pinning

Source

Although there it is possible that the five CVEs have been also discovered by malicious actors, researchers claim there is yet no evidence of them being exploited in the wild.

The Five TETRA:BURST Vulnerabilities Described

The security researchers used reverse engineering techniques to discover the TETRA:BURST vulnerabilities. Rated from high to critical, the bugs allow ”practical interception and manipulation attacks by both passive and active adversaries”. (Source)

Threat actors can use them as follows:

  • CVE-2022-24401 allows decryption oracle attacks. Hackers could exploit it to compromise the confidentiality and authenticity of data. The flaw was rated critical.
  • CVE-2022-24402 is a backdoor in the TEA1 encryption algorithm. It permits brute-forcing on keys and leads to a loss of confidentiality and authenticity. This flaw was also rated critical.
  • CVE-2022-24404 was scored high and is an authentication vulnerability on AIE that enables malleability attacks, leading to a loss of authentication.
  • CVE-2022-24403 exposes users` identities, as it fails to obfuscate radio identities. Its CVSS is high.
  • CVE-2022-24400 is a flaw in the authentication algorithm and is rated as low risk. It can result in a loss of authenticity and a partial loss of data integrity.

Risk Mitigation and Further Advice

For the moment, patches are available only for CVE-2022-24401 and CVE-2022-24404 and should, of course, be applied.

Security specialists recommend using end-to-end encryption to mitigate CVE-2022-24402 and CVE-2022-24403 risks.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.

Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE